[SOLVED] SQL Statement. cannot retieve a record I know exists

[Johnain]

Hi all

I have a record in my mysql table"users"  keyed on a username JohnAin.

 

this SQL statment finds it ...

 

SELECT * FROM users WHERE username = 'JohnAin'  "

 

This does not ...

 

SELECT * FROM users WHERE username = '".$uname."' "

 

 

and this does not ...

 

SELECT * FROM users WHERE username = '".addslashes($uname)."' "

 

On the line before the select statement runs I echo $uname and it reads as JohnAin on the scree.

 

Any ideas will be welcome.

 

Regards to all

 

John

[revraz]

"SELECT * FROM users WHERE username = '$uname'"

 

[Johnain]

Hi Revraz

 

Thanks. But that didn't do it for me.

 

Here is the code as it stands at the moment

 

Regards

 

John

[Johnain]

.. and this time here it really is !!!

 

Regards

 

John

 

[attachment deleted by admin]

[revraz]

I don't see where you set $uname

[Johnain]

Line 10

 

$uname=$_POST['uname'];

 

on the "Step 2" iteration

 

It prints to the screen ok as well on line 105

 

Regards

 

Jon

[Johnain]

Hi

 

I changed line 111/112 to read

 

  if (DB::isError($check) || $check->numRows() == 0) {

        die("That username (".$uname.") does not exist in our database.");

 

and the darned thing echoed out ok for me there too. it read  JohnAin which is exactly the constant I used to get a successful retrieval.

 

Phew !!!

 

Regrds

 

John

[redarrow]

sort the form out  action="" <<< missing

 

 

  <form method="post">

[Johnain]

Oh no.

 

How embarrassing!

 

I will

 

 

Thanks and regards

 

John

[revraz]

If the action is itself, then there is no need to include it.

[Johnain]

that is right, I realised that just after I posted, but I put it in anyway.

 

I changed to

 

<form method="post" action="../scripts/changeuser.php">

 

... and it refinds the form (as it did before)  but still comes back saying ...

 

"That username ( JohnAin ) does not exist in our database." 

 

Which of course is not the case since a select using the constant "JohnAin"  does find and retrieve the record.

 

Regards

 

John

[Johnain]

Are there any hidden characters in a record retrieved from a table?

 

Is the field length a consideration?

 

Sorry to ask such basic questions, but I am a newcomer !

 

Regards

 

John

[Ken2k7]

Could you please just post the actual snippet of code around those lines rather than just posting a few queries?

[Johnain]

Hi Ken

 

You will find the code in reply 3 above.

 

Regards

 

John

[Johnain]

sorry, just to be clear, it is these statments that I have the problem with ...

 

case 2: // Start step 2. User details maintenance.

    if (!get_magic_quotes_gpc()) {

        $_POST['uname'] = addslashes($_POST['uname']);

    }

    ?>

    <br /><h4>User maintenance - Maintain user details for ...<br /> <?echo($uname) ?></h4>

    <?

    $qry = "SELECT * FROM users WHERE username = '$uname'";

      //$qry = "SELECT username, password FROM users WHERE username = '".$_POST['uname']."'";

      $check = $db_object->query($qry);

 

    if (DB::isError($check) || $check->numRows() == 0) {

        die("That username (".$uname.") does not exist in our database.");

    }

    break;

 

 

The select will find my record when I use a constant for the key, but not when I use $uname.

 

Regards

 

John

[Ken2k7]

<?php
    $uname = $_POST['uname'];
    if (!get_magic_quotes_gpc()) {
        $uname = addslashes($uname);
     }
     ?>
     <br /><h4>User maintenance - Maintain user details for ...<br /> <?echo($uname) ?></h4>
     <?php
     $qry = "SELECT * FROM users WHERE username = '$uname'";
      //$qry = "SELECT username, password FROM users WHERE username = '".$_POST['uname']."'";
      $check = $db_object->query($qry);

     if (DB::isError($check) || $check->numRows() == 0) {
        die("That username (".$uname.") does not exist in our database.");
    }
?>

[Johnain]

Hi Ken

 

Thanks for that, but it hasn't fixed the problem.

 

I am going to work line by line though this and see if I can spot the problem.

 

Thanks for your help

 

Regards

 

John

[Ken2k7]

In your code, you said $check->numRows(). How is it possible you're using $check for that?

[revraz]

After this line

$qry = "SELECT * FROM users WHERE username = '$uname'";

 

enter

echo $qry;

 

I tried it with your code, not using Objects, and it works fine here.

[PFMaBiSmAd]

Since you can put in 'JohnAin' directly in the query and it works, there is something specific with the value that comes from the form.

 

You posted this above -

 

"That username ( JohnAin ) does not exist in our database."

 

If that line is EXACTLY as it was output to the browser, there is leading and trailing white-space on the name. The posted code would have given (JohnAin) with no spaces.

 

Use the trim() function before the query -

 

$uname = trim($uname);

 

If this does not solve it, then your browser/form in doing some character encoding, so that the query does not match the name but the name is "displayed" correctly when you echo it.

[PFMaBiSmAd]

LOL. I looked at your code for the form and it is deliberately putting in a space before and after the name in the value (everyone here probably thought you were typing the name in instead of selecting it from a dropdown) -

 

$linetext = "<option value= ' ".mysql_result($result,$i)." ' >".mysql_result($result,$i)."</option>";

 

Change this to -

 

$linetext = "<option value= '".mysql_result($result,$i)."' >".mysql_result($result,$i)."</option>";

[Johnain]

Hi Guys

 

I finally worked it out with your help.

 

My basic error was forgetting that I was constructing a string containing an SQL statment, not the statement itself!

 

The solution is ...

 

$qry = "SELECT * FROM users WHERE username = "."'".$uname."'";

 

I hope I do not do anything as daft again ... but I bet I do

 

Regards to you all and thanks for all of your help.

 

John